EU to strengthen Internet privacy rules

(NYT) PARIS — The European Commission called on Thursday for stronger protection of Internet users’ personal information, after news of data leaks at companies like Facebook and Google highlighted concerns about digital privacy.

Viviane Reding, the justice commissioner, announced its intention to overhaul the European Union’s data protection rules to take account of the development of social networking, personalized advertising and other Web services that have raised privacy concerns. The new legislation, set to be introduced next year, would replace rules that date to 1995.

“The protection of personal data is a fundamental right,” Ms. Reding said. “To guarantee this right, we need clear and consistent data protection rules. We also need to bring our laws up to date with the challenges raised by new technologies and globalization.”

The commission said consumers should be informed “in a clear and transparent way” about how their data will be used. They should also have the right to fully delete digital information, like social networking profiles, and should be informed when their data has been used in unlawful ways, the commission added.

Several recent leaks of personal data have highlighted concerns about privacy in the digital realm, which have been more pronounced in some European countries, like Germany, than in the United States.

Google said last month, for example, that it had inadvertently collected information like e-mail messages and passwords when it gathered pictures for its Street View online mapping service; data protection officials in Britain said this week that this represented a “significant breach” of privacy laws, and officials in other countries are investigating.

Facebook, meanwhile, recently acknowledged that some of its social networking applications passed personal information to marketers without the user’s knowledge.

“The commission has planted the flag showing that the consumer’s right to privacy should not be undermined merely because it has become easier and more profitable to break it in the virtual world,” said Monique Goyens, director general of the European Consumers’ Organization, known by its French acronym, BEUC.

But the commission’s announcement was short on specifics — leaving open, for example, the question of whether Internet companies would have to secure consumers’ express permission before using or sharing personal data; currently, technology companies often do this unless consumers specifically forbid them from doing so. Submissions from privacy advocates, technology companies and other interested parties will be considered until Jan. 15, the commission said.

Rules requiring Internet companies to secure users’ consent upfront could hamper the development of services that align online advertising with Web users’ personal interests, as reflected in the Web sites they visit or the preferences they express in social networks and other online forums. From a marketer’s perspective, this could dilute one of the big advantages of the Web over traditional media.

Technology companies have also been calling for an update of E.U. privacy rules, however, saying there are too many different interpretations of existing legislation across the 27-nation bloc. This has hampered efforts to develop so-called cloud computing services, in which personal data sometimes crosses national borders, subjecting Internet companies to different sets of standards.

“It looks like the European Commission is not expecting a major overhaul of the existing data protection rules, but it is right about the need for harmonization,” said Wim Nauwelaerts, a lawyer at Hunton & Williams in Brussels, whose clients include a number of big technology companies.